|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
From: Larry Seltzer (larry
larryseltzer.com)
Date: Wed Mar 03 2004 - 10:58:31 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>The problem is the antivirus installed in the perimeter, that does not detect those
samples. Exist some antivirus that detects the ZIP infected without knowing the
password:
I'm sure more of these detect it by now. I suppose SOP for these scanners has been to
extract files from ZIPs and scan them, but they need a more complex procedure now. Is it
possible that portions of the encrypted ZIP are consistant enough regardless of the key
that they can identify it? If not, for this particular case they could hack at the ZIP
file and use the message body as a dictionary.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzerziffdavis.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]